[keycloak-user] Browser not maintaining session for keycloak users

keycloak demo testoauth55 at gmail.com
Thu Aug 23 01:25:24 EDT 2018 

Thanks Marek for the update,

I understand that https://issues.jboss.org/browse/KEYCLOAK-5179   mentions
the issue pertaining to message: "You are already logged in". But will the
second issue that I reported also be fixed in this bug?

*Issue summary:*  When a user logs in he is shown the message: "You may
close this browser window and go back to your console application.". Now if
I open a new tab, the user should be logged in right? But he is shown the
login form again.

This issue was not coming in Keycloak 3.4.3 and session was being
maintained by browser. But I found this issue on 4.1.0 and also on 4.3.0.
In the 4.x version I see a cookie *KC_RESTART* cookie instead of
*KC_SESSION* cookie in cookies section which might be the reason.

*Here's the post containing complete details of above issue with
screenshots:*
https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-session-in-browser



On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda at redhat.com> wrote:

> We have opened JIRA for this:
> https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
> relatively soon in one of the next releases.
>
> Marek
>
> On 17/08/18 07:47, keycloak demo wrote:
> > Update:
> >
> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
> > instance of keycloak 4.3.0 and created just 2 users, but still facing the
> > same issue of browser not maintaining session.
> >
> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55 at gmail.com>
> > wrote:
> >
> >> Can someone please help me on this issue?
> >>
> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55 at gmail.com>
> >> wrote:
> >>
> >>> Another update:
> >>>
> >>> Though the login form appears every time but if i login with a
> different
> >>> user the second time i.e. launch client app -> login with user1 ->
> relaunch
> >>> client app (browser shows login form instead of already logged in
> message)
> >>> -> now login with user2.
> >>>
> >>> I get following message:
> >>> " We're sorry...You are already authenticated as different user 'user1'
> >>> in this session. Please logout first."
> >>> If it's able to know another user is logged in, then why the login form
> >>> is appearing?
> >>>
> >>>
> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55 at gmail.com>
> >>> wrote:
> >>>
> >>>> An update on my findings: When I checked developer console: I am
> getting
> >>>> KC_RESTART cookie in cookies section.
> >>>>
> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55 at gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Yes sir,
> >>>>> I followed the doc  https://www.keycloak.org/docs/
> >>>>> latest/securing_apps/index.html#_installed_adapter. And am seeing the
> >>>>> same behavior on chrome and firefox.
> >>>>>
> >>>>> Also regarding the manual mode, I see the same behavior i.e I have to
> >>>>> re-login for each re-run of the client app.
> >>>>>
> >>>>> But if I do this:
> >>>>>
> >>>>> System.out.println("Login through manual mode");
> >>>>> keycloak.loginManual();
> >>>>> System.out.println("Login through browser");
> >>>>> keycloak.loginDesktop();
> >>>>>
> >>>>> i.e. if I call both modes in the same code or even same mode twice in
> >>>>> the same code, then I don't have to re-login for second call (in the
> above
> >>>>> example for loginDesktop). However when I re-run the application, I
> need to
> >>>>> re-login. This might be a stupid guess but could these sessions be
> "java
> >>>>> object specific"?
> >>>>>
> >>>>>
> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt at acutus.pro>
> wrote:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> Did you do everything in accordance with the docs?
> >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.htm
> >>>>>> l#_installed_adapter
> >>>>>>
> >>>>>> Do you experience this in "manual" mode too?
> >>>>>>
> >>>>>> Cheers,
> >>>>>> Dmitry Telegin
> >>>>>> CTO, Acutus s.r.o.
> >>>>>> Keycloak Consulting and Training
> >>>>>>
> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> >>>>>> +42 (022) 888-30-71
> >>>>>> E-mail: info at acutus.pro
> >>>>>>
> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
> >>>>>>> I am using openid-connect for authenticating users. After
> successful
> >>>>>>> authentication, browser windows says:
> >>>>>>> "Login Successful
> >>>>>>>
> >>>>>>> You may close this browser window and go back to your console
> >>>>>> application."
> >>>>>>> However, even without closing the window if I relaunch my
> application
> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the
> >>>>>> login
> >>>>>>> page appears instead of : you are already logged in.
> >>>>>>>
> >>>>>>> Browser: Firefox.
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-user mailing list
> >>>>>>> keycloak-user at lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>

More information about the keycloak-user mailing list